Bug#39908: marked as done ([external] Warn about unknown users set in maintainer scripts)
Your message dated Sat, 10 Jan 2009 20:31:19 -0800
with message-id <874p06zco8.fsf@windlord.stanford.edu>
and subject line Re: Check needed in lintian
has caused the Debian Bug report #39908,
regarding [external] Warn about unknown users set in maintainer scripts
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
39908: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=39908
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: lintian
Version: 1.3-1
When a package contains a postinst where suidregister or chown calls are made
to set suid bits, lintian doen't complain or warn about unknown users.
Real example caused by building with fakeroot instead of sudo (postinst file):
#!/bin/sh -e
# Automatically added by dh_suidregister
if command -v suidregister >/dev/null 2>&1 && [ -e /etc/suid.conf ]; then
suidregister -s smbfsx /usr/bin/smbmnt bartw root 0755
elif [ -e /usr/bin/smbmnt ]; then
chown bartw.root /usr/bin/smbmnt
chmod 0755 /usr/bin/smbmnt
fi
This tries to chown files to my user. Calling
lintian -i smbfsx_2.0.4b-1_alpha.deb (where this postinst is in)
doesn't give any results. A check on this is very much wanted!
Thanks,
B.
--
B. Warmerdam GNU/Debian Linux
bartw@xs4all.nl, bartw@debian.org (Keyid: 10A0FDD1) ----------------
--- End Message ---
--- Begin Message ---
- To: 39908-done@bugs.debian.org
- Subject: Re: Check needed in lintian
- From: Russ Allbery <rra@debian.org>
- Date: Sat, 10 Jan 2009 20:31:19 -0800
- Message-id: <874p06zco8.fsf@windlord.stanford.edu>
- In-reply-to: <20010306235313.B18852@riva.ucam.org> (Colin Watson's message of "Tue\, 6 Mar 2001 23\:53\:13 +0000")
- References: <20010306235313.B18852@riva.ucam.org>
Version: 1.23.47
Colin Watson <cjw44@flatline.org.uk> writes:
> This seems kind of obsolete now that suidmanager has (almost) gone away.
> Maybe a check is needed for unknown users and groups, though. Perhaps
> (ref. policy 10.2) we should make the use of any uid/gid above 99 an
> error? 100-999 and 60000-64999 should be created dynamically by adduser,
> 1000-29999 is for local use, 30000-59999 and 60000-65533 are reserved,
> no files should have ownership nobody/nogroup, and 65535 is not used.
>
> checks/files could probably handle this, although getting the numeric
> owner will be interesting, as unpack/list-binpkg turns uids/gids into
> names and we need those too. Ugh.
This bug had been open for quite some time tagged wontfix, but it turns
out this check was added earlier this year in the process of fixing
another bug. Closing with the right version.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
--- End Message ---
Reply to: